Javascript 来自PhantomJS的意外结果_Javascript_Google Chrome_Console_Phantomjs

Javascript 来自PhantomJS的意外结果

javascript google-chrome phantomjs

Javascript 来自PhantomJS的意外结果,javascript,google-chrome,console,phantomjs,Javascript,Google Chrome,Console,Phantomjs,我试图写一个脚本来检查一些网站的安全问题。我正在向window对象添加_domlog函数，当我传递此URL时应调用该函数，例如： https://domgo.at/cxss/example/1?payload=abcd&sp=x#1</iframe></style></script></object></embed></textarea><img src=x onerror=__domlog(0,0,51)&g

我试图写一个脚本来检查一些网站的安全问题。我正在向window对象添加_domlog函数，当我传递此URL时应调用该函数，例如：

https://domgo.at/cxss/example/1?payload=abcd&sp=x#1</iframe></style></script></object></embed></textarea><img src=x onerror=__domlog(0,0,51)><!--/*

问题是没有调用此函数，并且page.onsolemessage没有显示任何错误。当我在Chrome中请求相同的链接时，将请求uudomlog函数。据我所知，phantomJS是基于Chrome的，我想问一下我是否犯了一些错误

function validateExploit(url, callback) {
    console.log('Validating ..');

    var page = require('webpage').create();

    page.onConsoleMessage = function(msg, lineNum, sourceId) {
        console.log('CONSOLE: ' + msg + ' (from line #' + lineNum + ' in "' + sourceId + '")');
    };

    page.onCallback = function (data) {
        result = data;
        console.log(' -> Exploit successful');
    };

    page.onInitialized = function () {
        page.evaluateJavaScript('function(){location.href = decodeURI(location.href);}');
        page.customHeaders = { "X-XSS-Protection": "0" };
        page.evaluate(function () {
            window.__domlog = function (findingId, exploitId, tabId) {
                window.callPhantom({
                    'success': true,
                    'findingId': findingId,
                    'exploitId': exploitId,
                    'tabId': tabId
                });
            };
        });
    };

    page.open(url, function (status) {
        page.close();
        callback(result);
        console.log(' -> Page closed. Exploit found: ' + result.success);
    });
}